This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
This article explains how you can enable the information barrier (IB) compliance assistant for group-connected SharePoint sites. These sites are sites that don't have an associated team in Microsoft Teams. When the information barrier compliance assistant is enabled, users who don't match the segments specified on this site are automatically removed to ensure group membership honors configured information barrier policies. This configuration may help ensure your organization remains compliant with standards, policies, and compliance regulations.
These steps create a new application in your organization's enterprise applications. For the compliance assistant to function properly, you must have explicitly added segments to a SharePoint site. Complete the following steps to enable the compliance assistant:
Run the following PowerShell cmdlets.
Connect-MgGraph
Connect-AzAccount
$appId="f46c682f-628c-48e6-b963-03309e34639e"
$sp=Get-AzADServicePrincipal -ServicePrincipalName $appId
if ($sp -eq $null) {New-AzADServicePrincipal -ApplicationId $appId}
Start-Process "https://login.microsoftonline.com/common/adminconsent?client_id=$appId"
When prompted, sign in using your Office 365 work or school account.
In the Permissions requested dialog box, review the information, and select Accept. This action configures admin consent for the compliance assistant.
To verify that a new application was properly created in your organization's enterprise applications, complete the following steps:
Log into portal.azure.com with directory administrator's credentials.
Select Manage Microsoft Entra ID.
Select Enterprise Applications in left navigation listing.
Search for the compliance assistant using 'M365' as the search term.
Select M365-Group-Compliance-Assistant from the list of search results.
On the M365-Group-Compliance-Assistant overview page, you can review application properties.
Select Permissions in the left-navigation pane to review the permissions that the application is authorized for.
In this example, the M365-Group-Compliance-Assistant is authorized to add/remove noncompliant information barrier users from your Microsoft 365 groups.
You can use audit log search in the Microsoft Purview compliance portal to search, review, and track audit log events for the M365-Group-Compliance-Assistant application. The audit activities associated with the compliance assistant are:
To search the audit log for Microsoft 365 Groups activities, see Search the audit log.
Note
The compliance assistant runs periodically (every 24 hours). The assistant runs on group-connected SharePoint sites that do not have an associated team in Microsoft Teams. To enable the compliance assistant for SharePoint sites connected to Microsoft Teams, follow the instructions in the Define information barrier policies article.
Documentation
Create an information barriers policy compliance report
Learn how to find noncompliant sites after information barriers policies change.
Use information barriers with OneDrive
Learn about associating segments with a OneDrive, and what happens when segments are associated with a OneDrive.
SharePoint & OneDrive insights report (preview)
Use the insights report to get information about information barriers usage in your organization.